SpeechStorm makes IVR payments easier – and more secure

Belfast, 15 January, 2013 – Leader in phone-based and mobile customer service, SpeechStorm, has announced that its Payment Capture application has been validated against the Payment Application Data Security Standard (PA-DSS) by the Payment Card Industry Security Standards Council (PCI-SSC: www.pcisecuritystandards.org). This is an important achievement at a time when EU payment card fraud stands at EUR1.5bn.

This validation means that organisations adopting the company’s IVR applications can ensure the highest level of over-the-phone card payment security, protecting cardholder data and consumers from the ever-present threat of payment card fraud. SpeechStorm’s application is also the first pre-built PA-DSS compliant solution for Genesys Voice Platform (GVP).

While most organisations are aware of their obligations to be PCI compliant, achieving compliance for solutions already in operation or for in-house developed applications can be challenging, costly and time consuming. SpeechStorm’s pre-built application not only enables rapid deployment, it reduces the time and effort required for a PCI audit, since the core application itself has already been validated according to PA-DSS.

SpeechStorm Payment Capture can be used either in fully automated self-service transactions, e.g. paying a bill over the phone using the IVR, or in allowing payments to be taken in the contact centre, using the IVR to capture sensitive card data instead of the customer being asked for it by an agent.

“As customers, we all trust that organisations will use and store our data in a responsible way. Merchants must comply with industry regulations or face being fined. An off-the-shelf solution that is already validated is the fastest and most effective way for an organisation to meet security standards compliance, and is especially important at a time when the level of card fraud demands we do all in our power to prevent it,” said SpeechStorm CEO and co-founder, Oliver Lennon.

According to a report recently released by Europol*, credit and debit card fraud across the European Union currently stands at approximately EUR1.5bn a year. With 726 million such cards in use in the EU, this move by SpeechStorm will protect client businesses by protecting their customers’ data.

“Compliance is something demanded by industry, but customers are also increasingly concerned about how their card details are handled,” Lennon continued. “One of the advantages of IVR over other approaches to compliance is that customers themselves feel re-assured about the security of the transaction – keying in or speaking card details to a machine feels much safer than reading them out to someone you don’t know at the other end of the line. For card users like you and me, that makes an everyday task not just much easier, but more secure, too.”

PA-DSS validated Payment Capture is included in SpeechStorm’s latest software release, codenamed Godard, and available now.

Payment Security Context
The PCI SSC specifies a number of requirements for data security compliance by retail organisations or service providers such as utilities and phone companies who conduct customer transactions by phone. Among other requirements, the cardholder Primary Account Number (PAN), i.e. the long number on a credit or debit card, must be encrypted if it is to be stored by the system and the three or four-digit security code on the reverse must never be stored.

Using a PA-DSS validated application, like SpeechStorm Payment Capture, provides re-assurance that the application supports compliance with the PCI-DSS. No additional verification of the application itself is required. For taking payments in the contact centre, SpeechStorm Payment Capture is cost effective and easy to deploy, involving much less disruption than making complex changes to recording systems or hardware-based alternatives, which prevent key presses from being heard. Instead, calls are simply routed to the IVR for capture of sensitive card data and returned to the agent when this is complete.

If, as is often the case, capturing the payment is the last step in the process, the customer can complete his or her transaction on the IVR and the agent can be freed up to take another call. Customers feel reassured that since the agent is not on the call while card details are being entered – either using the keypad or by speaking to the system – there is no danger of them being overheard or captured, fraudulently.

About SpeechStorm – www.speechstorm.com
SpeechStorm® helps organisations of all sizes make everyday tasks easier for their customers. We provide pre-built IVR, speech self-service and mobile apps that reduce waiting times for customers and reduce call handling times in the contact centre. Our solutions are quick to implement and easy to manage, putting the business in control of the customer experience.